My name is Vivek Mahajan, and for over 15 years, I’ve built secure digital systems for governments and global enterprises at Cisco, NTT, and Fujitsu. I thought I’d seen it all—until I entered the NDIS sector in 2022 as the founder of Careable, a registered NDIS provider. What I witnessed in the disability support sector wasn’t just a cybersecurity gap; it was a risk to the very people providers dedicate their lives to serving. That realization drove me to launch Cyber Guide, a mission to make cybersecurity as integral to NDIS providers as compassion and care.
A Shocking Discovery
When I started Careable, I expected to focus on delivering high-quality support to participants. But as I worked alongside other NDIS providers, I saw a troubling pattern. Many were using outdated laptops vulnerable to hacks, sharing NDIS portal logins across teams, and storing sensitive participant data—case notes, health records, NDIS plans—without encryption. Emails with critical forms were sent unprotected, and phishing scams mimicking MyGov or NDIS portals went unnoticed due to a lack of staff training.
These weren’t careless providers. They were passionate, overworked teams pouring their hearts into participant care. But with lean budgets and high compliance demands, cybersecurity was an afterthought. The Australian Cyber Security Centre (ACSC) reports that 43% of cyberattacks target small businesses like NDIS providers, with 80% involving stolen credentials. A single breach could expose participant data, leading to identity theft, financial loss, or emotional harm, and risking fines up to $2.2 million under the Privacy Act 1988 or loss of NDIS registration.
As a cybersecurity expert and NDIS provider, I felt a personal responsibility to act. These gaps weren’t just technical—they threatened participant dignity and the trust at the heart of the NDIS.
Debunk myths in “Cybersecurity Myths NDIS Providers Should Stop Believing.”
Turning Concern into Action
In 2022, I founded Cyber Guide to bridge this gap. My mission was clear: empower NDIS providers with accessible, practical cybersecurity solutions that honor their care-driven ethos. I saw cybersecurity not as a technical burden but as an extension of the NDIS Code of Conduct’s commitment to participant choice, control, and safety.
At Careable, I put this into practice. In 2023, we adopted Google Workspace for secure, encrypted data storage, ensuring compliance with the Privacy Act’s Australian Privacy Principle 11. This protected participant data from breaches and simplified NDIS audits, proving that cybersecurity could be both effective and affordable.
Learn about compliance in “NDIS Compliance and Cybersecurity.”
Cyber Guide’s Mission
Cyber Guide is built for NDIS providers—small teams with big responsibilities. Our mission, rooted in Careable’s C.A.R.E. philosophy (Compassion, Accountability, Respect, Empowerment), is to make cybersecurity a seamless part of care. We achieve this through:
- Plain-Language Education: Blogs and guides explain phishing, 2FA, and compliance without jargon.
- Free and Affordable Tools: Resources like Google Authenticator for MFA and Bitwarden for password management.
- Cyber-Safe Culture: Training templates to build vigilance, aligned with ACSC’s Essential Eight.
- Compliance Support: Checklists and policies to meet NDIS Practice Standards.
Since 2022, Cyber Guide has supported hundreds of NDIS providers with free resources and affordable consulting, helping them secure data and build trust. The ACSC’s Small Business Cyber Security Guide informs our approach, ensuring solutions fit providers’ realities.
Explore tools in “Free Tools to Boost Your Cybersecurity.”
Why This Matters
For NDIS providers, cybersecurity is more than compliance—it’s about protecting participants’ dignity. A breach can shatter trust, disrupt care, and lead to devastating consequences. The ACSC’s 2024 Annual Cyber Threat Report warns that 60% of small businesses fail within six months of a cyberattack, with average losses of $46,000. Cyber Guide exists to prevent this, ensuring providers can focus on care without fear.
As I often say, “You care for people—I’ll help protect the systems that support them.” Cyber Guide is my commitment to walk alongside NDIS providers, offering NDIS-specific solutions that empower and protect.
See training tips in “How to Train Your Staff on Cybersecurity Basics.”
Join the Journey
Cyber Guide is more than a resource—it’s a community of NDIS providers committed to secure, compassionate care. Whether you’re securing your first device or building a compliance framework, we’re here with free tools, actionable advice, and a shared mission.
About Cyber.Guide: Founded in 2022 by Vivek Mahajan, Cyber Guide empowers NDIS providers with practical cybersecurity solutions. Rooted in Careable’s C.A.R.E. philosophy, we’ve supported hundreds of providers with NDIS- and ACSC-aligned resources.
Test Yourself: Is your NDIS business cyber-ready? Take our free Cybersecurity Quiz to find out.
Author: Vivek Mahajan, founder of Careable and Cyber.Guide, brings over 15 years of cybersecurity experience from Cisco, NTT, and Fujitsu, plus hands-on NDIS expertise since 2022. Connect at vivek@careable.com.au or LinkedIn.
Trust Note: All Cyber.Guide content is fact-checked, updated quarterly, and aligned with ACSC’s Essential Eight and NDIS Practice Standards. Examples are generalized from ACSC data or verified outcomes; no unverified incidents are included. Statistics are sourced from the 2024 ACSC Annual Cyber Threat Report. See our Privacy Policy.
Download our NDIS Cybersecurity Starter Kit at Cyber.Guide to protect your participants today.
Incident Reporting: If you suspect a data breach, report it to the ACSC at cyber.gov.au/report and notify the OAIC for eligible breaches, per the Privacy Act 1988.